The Criminal Justice Secure eMail (CJSM) is a secure group email service available to any justice organisation or practitioner that needs to send or receive sensitive information.
A typical CJSM secure email address might have the format [email protected].
CJSM has been in operation for over 20 years and enables information up to the “OFFICIAL” and “OFFICIAL-SENSITIVE” classification levels to be communicated between assured organisations, both in the public and private sector, such as the Crown Prosecution Service, victim support organisations, the police, probation, legal representatives, healthcare, private prisons and others.
The CJSM (Criminal Justice Secure eMail) service has over 660,000 users, 8,000+ organisations and handles over 50 million messages annually across the UK justice system.
It also offers:
CJSM – Secure, seamless communication across the justice community
- a direct connection to central government departments, police and NHS
- an onboarding and assurance process to provide high levels of security
- the most complete directory of justice professionals
- administration tools so organisations can manage their own users
- a dedicated helpdesk
As of the 1st October 2025, Egress Software Technologies (often referred to as Egress Systems or Egress) continues to run the Criminal Justice Secure Mail (CJSM) service for the Ministry of Justice.
Egress have managed the platform since taking over from Vodafone in 2019 and they handle operational delivery, support, and integrations for secure communications in the UK criminal justice system.
It is believed that the Criminal Justice Secure Mail (CJSM) service relies on a combination of proprietary and standard software components including the open source Haraka SMTP Server. The MoJ tender reveals that the existing CJSM service is hosted on MS Azure and hosted mailboxes are on Dovecot.
CJSM used to publish a number of useful guides for the Criminal Justice Secure Mail (CJSM) service. Webmail quick reference guide, Multi-factor authentication guide, CJSM Defend guide and CJSM Website Enhancements 2025 were removed in February 2026
The Ministry of Justice maintains an open microsite for CJSM at: https://github.com/ministryofjustice/cjsm
- This repo includes various guides/documents under the /training or /downloads folders
You can contact the CJSM Helpdesk on 020 7604 5598. Lines are open every weekday 8am-7pm. Or email [email protected]
The Judiciary of England and Wales use Microsoft 365 for email. Can you Email a Judge ?
How to Get a CJSM Account ?
To obtain a Criminal Justice Secure Mail (CJSM) account, you must be part of an organization involved in the UK criminal justice system, as the service is not available to the general public. You can request access at the CJSM website at https://cjsm.net.
If you have arrived at the Ministry of Injustice from https://cjsm.uk (MOI domain) you may well have been looking for https://cjsm.net which is the official website for The Criminal Justice Secure eMail (CJSM).
Is CJSM Secure ?
The Criminal Justice Secure Mail (CJSM) service is designed to be secure for its intended purpose, transmitting sensitive information up to the “OFFICIAL” and “OFFICIAL-SENSITIVE” classification levels within the UK criminal justice system.
However, its security has been debated due to historical issues and the evolving nature of cyber threats.
Security Strengths
- End-to-End Encryption: CJSM uses dedicated servers to encrypt emails and attachments (up to 10MB) between registered users, ensuring data confidentiality during transmission. This aligns with UK government standards for handling sensitive justice-related data.
- Multi-Factor Authentication (MFA): Access to the CJSM portal requires MFA, reducing the risk of unauthorized logins.
- Restricted Access: Only approved organizations (e.g., police, courts, legal firms) can register, with strict vetting processes. This limits exposure to external threats.
- Operational Oversight by Egress: Since Egress took over in 2019, they’ve addressed some legacy vulnerabilities (e.g., outdated protocols like RC4 and SSLv3 used under Vodafone). Egress’s expertise in secure email and compliance with ISO 27001 and Cyber Essentials Plus bolsters trust.
- No Major Breaches Reported: Despite past concerns, no significant data breaches have been publicly documented, indicating functional security for its scope.
- Policy Safeguards: CJSM prohibits storing emails on unapproved cloud services and restricts overseas access, minimizing data leakage risks.
Historical Security Issues (Pre-2019)
When Vodafone managed CJSM, security flaws were flagged in 2015, raising concerns that persist in discussions about the system’s legacy:
- Outdated Encryption: Reliance on RC4 (a weak cipher) and SSLv2/SSLv3 protocols, vulnerable to attacks like POODLE.
- Weak Certificates: Use of a self-signed 1024-bit RSA key, inadequate for modern standards.
- Poor SSL/TLS Rating: An “F” grade from SSL Labs due to insecure cipher suites, prompting some organizations to block CJSM traffic.
- Audit Gaps: Ineffective penetration testing failed to address these vulnerabilities promptly. While Egress has likely mitigated these (e.g., upgrading to stronger TLS protocols), specific technical details post-2019 are not publicly disclosed, as is typical for government systems.
Tender and the Transition to Cross Justice Secure Mail (CJSM Replacement)
While Egress operates the current CJSM, the UK Ministry of Justice (MoJ) is actively procuring a new system called Cross Justice Secure Mail to replace it. This upgrade aims to modernise secure email, file encryption and disaster recovery across justice partners.
The tender for Cross Justice Secure Mail (CJSM), the replacement for the existing Criminal Justice Secure Mail (CJSM) service, was issued by the UK Ministry of Justice (MoJ).
It aims to procure a modernized secure email, file encryption, and disaster recovery platform to support over 500,000 users across the criminal justice system in England, Wales, Scotland, and Northern Ireland.
The procurement follows a selective restricted procedure under the Procurement Act 2023, with submissions via the MoJ’s Jaggaer eSourcing Portal.
Key Timeline
- Procurement Launch: November 8th 2024
- Tender Submission Deadline: December 13th 2024 (bids closed)
- Contract Award: Expected in late 2025
- Implementation Phase: Up to 12 months, starting October 27th 2025
- Live Service Phase: 60 months (5 years), from October 2026 to October 2031
- Extensions: Up to 24 months (two 12-month periods), for a maximum total of 8 years
Contract Value
- Estimated Total: £26–30 million (depending on final scope)
- Influencing Factors:
- Tendered prices and implementation plans
- Uptake of optional services
- Extension options exercised
- Participation by additional contracting authorities (e.g., police, courts, probation services)
As of the 1st October 2025, the evaluation phase is ongoing with no award of contract announced yet.
Check out our related articles on Rule of Law, Open Justice, Is the Law Black and White ?, What Does Lady Justice Symbolise ?, Can a Judge Direct a Jury to Find a Defendant Not Guilty ?,Law Society, Law Commission, Solicitors, Solicitors Regulation Authority, Barristers, Bar Council of England and Wales, Bar Standards Board, Contra Mundum, R v Sussex Justices, Police Impartiality and the highly questionable Sussex Family Justice Board.
The Ministry of Injustice is not the Ministry of Justice nor is it affiliated in any way with the justice system, legal profession, police or any other law enforcement agencies.
Latest Articles ↓
- What is Two Tier Policing ?
The BBC describes so-called “two-tier policing” as where right-wing protests… Read more: What is Two Tier Policing ? - Lawful Use of Handcuffs by the Police
Handcuffs are a standard restraint tool used by police officers… Read more: Lawful Use of Handcuffs by the Police - His Honour Judge Nicholas Rowland
Judge Nicholas Edward Rowland, known as His Honour Judge Nicholas… Read more: His Honour Judge Nicholas Rowland - Police Barred and Advisory Lists
The police barred and advisory lists, which are managed by… Read more: Police Barred and Advisory Lists - President of the Family Division
The President of the Family Division is a highly esteemed… Read more: President of the Family Division - Is Crimestoppers Anonymous ?
Crimestoppers is widely promoted as the United Kingdom’s leading provider… Read more: Is Crimestoppers Anonymous ? - What is a Court Legal Adviser ?
In magistrates’ courts across England and Wales, lay justices (magistrates… Read more: What is a Court Legal Adviser ? - What is a Skeleton Argument ?
A skeleton argument is a concise written document prepared by… Read more: What is a Skeleton Argument ? - Can you Buy a Judge ?
His Honour Judge Martin John Cook was for sale, in… Read more: Can you Buy a Judge ? - Norwich Pharmacal Orders and Dodgy Fire Sticks
Norwich Pharmacal orders (NPOs) are a form of court-ordered disclosure… Read more: Norwich Pharmacal Orders and Dodgy Fire Sticks - What is a Statutory Instrument ?
A statutory instrument is the most common form of secondary… Read more: What is a Statutory Instrument ? - The Pensions Increase (Pension Scheme for Keir Starmer QC) Regulations 2013
In October 2013, the Treasury laid before Parliament a short… Read more: The Pensions Increase (Pension Scheme for Keir Starmer QC) Regulations 2013
Most Popular ↓
You should always seek formal legal advice from a qualified and reputable lawyer (solicitor or barrister).
There are a number of links to Free and Paid For Legal Resources and Legal Organisations on the Free Legal Advice , Legal Aid and Pro Bono pages.
[post_title] was last updated on the 2nd June 2026
